To prevent brute force attack, you should choose long enough password and adjust iterations parameter on Key transformation. Basically more iterations = more time to brute force, but your application will spend more time opening the database. Longer password = less likely for brute force to succeed.
For me 12 characters password with default 60 000 iterations seems safe enough. My estimation is that it would take at least millions of dollars to break it and my passwords are not worthy of that. You can easily make it into unbreakable for a foreseeable future by using something like 16-characters random password and 10 millions of iterations.
Key file of enough length is like an unbreakable password. But you probably can't remember it, so be careful not to lose it. My database is accessible on public URL which I remember and I remember my password, so I can always download it anywhere and open it. I think that it's a big advantage and I wouldn't want to lose it.
